Hi all experts!
I have the following configuration:
Beats:
filebeat.inputs:
-type: log
enabled: true
tags: ["apache-error"]
paths:
- /var/log/httpd/error_log
- type: log
enabled: true
tags: ["apache-access"]
paths:
- /var/log/httpd/access_log
... and logstash:
if "apache-error" in [tags] {
elasticsearch {
hosts => ["ES1"]
index => "apache-error-%{+YYYY.MM.dd}"
}
}
if "apache-access" in [tags] {
elasticsearch {
hosts => ["ES2"]
index => "apache-access-%{+YYYY.MM.dd}"
}
}
However, indices are shown in ES like this:
filebeat-6.5.1-2018.12.07
Where am i messing up ?
Thanks in advance!